hardware crypto and SSL?
Michael Sierchio
kudzu at tenebras.com
Wed Oct 22 07:04:55 PDT 2003
Eric Anderson wrote:
> The new VIA Eden-N processors have built in high-speed AES encryption
Forgive me, but that's really not important -- for SSL the bulk
encryption algorithm is usually RC4 (oops, ARCFOUR ;-), which
is efficient in software . It's the handshake and public key
operations that really benefit from the use of HW crypto.
In which case the currently-supported cards (either by the
OpenBSD /dev/crypto scheme ported by Sam Leffler, or those
directly supported in the OpenSSL engine) all work fine.
IOW the current Soekris boards help quite a bit, and they
also help because they have a HW RBG which actually stirs
the entropy pool for /dev/random -- very helpful for not
running out of random bits on machines that have no
keyboard or mouse.
More information about the freebsd-security
mailing list